From f004cb7939ce541e0735131f54a0413d6cc51f1a Mon Sep 17 00:00:00 2001
From: sebtelko <83702277+sebtelko@users.noreply.github.com>
Date: Thu, 13 May 2021 06:32:51 +0200
Subject: [PATCH] secrets/azurekeyvault: Add support for private clouds (Azure Stack) (#2997)

---
 secrets/azurekeyvault/akv.go | 2 +-
 secrets/azurekeyvault/akv_test.go | 65 +++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/secrets/azurekeyvault/akv.go b/secrets/azurekeyvault/akv.go
index 26f19b0f90..cfc373cf53 100644
--- a/secrets/azurekeyvault/akv.go
+++ b/secrets/azurekeyvault/akv.go
@@ -208,7 +208,7 @@ func dial(useCLI bool) (*keyvault.BaseClient, error) {
 var (
 	// Note that the last binding may be just a key, or key/version.
-	keyIDRE = regexp.MustCompile(`^(https://.+\.vault\.(?:azure\.net|azure\.cn|usgovcloudapi\.net|microsoftazure\.de)/)keys/(.+)$`)
+	keyIDRE = regexp.MustCompile(`^(https://.+\.vault\.(?:[a-z\d-.]+)/)keys/(.+)$`)
 )
 
 // OpenKeeper returns a *secrets.Keeper that uses Azure keyVault.
diff --git a/secrets/azurekeyvault/akv_test.go b/secrets/azurekeyvault/akv_test.go
index e29da72cc5..6e3b2ecaa9 100644
--- a/secrets/azurekeyvault/akv_test.go
+++ b/secrets/azurekeyvault/akv_test.go
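Review bot: The new `keyIDRE` replaces the closed list of Azure cloud suffixes with `[a-z\d-.]+`, so any host carrying a `.vault.` label — `https://kv.vault.attacker.example/keys/k` — now matches, and the captured prefix is presumably handed to the SDK client as its base URL (that use is outside this hunk); if a key ID can ever come from a less-trusted source, the bearer token obtained for Key Vault would be sent to whatever host the URL names. The leading `.+` also still accepts `/`, `@` and `:`, so `https://evil.example/x.vault.azure.net/keys/k` matches with `https://evil.example/x.vault.azure.net/` as the vault URI; that predates this change but the relaxed suffix makes it matter more. At minimum restrict the host portion, `keyIDRE = regexp.MustCompile(`^(https://[^/@:]+\.vault\.[a-z\d.-]+/)keys/(.+)$`)`, and add a comment stating that the key ID URL is trusted configuration and is used as the request base URL; a stronger option is to keep the public-cloud allowlist and take the private-cloud suffix from an explicit option or environment variable. Writing the class as `[a-z\d.-]` (hyphen last) also avoids readers mistaking `\d-.` for a range. Note the class is lowercase-only while hostnames are case-insensitive; `(?i)` or `ToLower` before matching would make the two halves of the pattern consistent.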
@@ -203,3 +203,68 @@ func TestOpenKeeper(t *testing.T) {
 }
 }
 */
+
+func TestKeyIDRE(t *testing.T) {
+	client := keyvault.NewWithoutDefaults()
+
+	testCases := []struct {
+		// input
+		keyID string
+
+		// output
+		keyVaultURI string
+		keyName string
+		keyVersion string
+	}{
+		{
+			keyID: keyID1,
+			keyVaultURI: "https://go-cdk.vault.azure.net/",
+			keyName: "test1",
+		},
+		{
+			keyID: keyID2,
+			keyVaultURI: "https://go-cdk.vault.azure.net/",
+			keyName: "test2",
+		},
+		{
+			keyID: "https://mykeyvault.vault.azure.net/keys/mykey/myversion",
+			keyVaultURI: "https://mykeyvault.vault.azure.net/",
+			keyName: "mykey",
+			keyVersion: "myversion",
+		},
+		{
+			keyID: "https://mykeyvault.vault.usgovcloudapi.net/keys/mykey/myversion",
+			keyVaultURI: "https://mykeyvault.vault.usgovcloudapi.net/",
+			keyName: "mykey",
+			keyVersion: "myversion",
+		},
+		{
+			keyID: "https://mykeyvault.vault.region01.external.com/keys/mykey/myversion",
+			keyVaultURI: "https://mykeyvault.vault.region01.external.com/",
+			keyName: "mykey",
+			keyVersion: "myversion",
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.keyID, func(t *testing.T) {
+			k, err := openKeeper(&client, testCase.keyID, nil)
+			if err != nil {
+				t.Fatal(err)
+			}
+			defer k.Close()
+
+			if k.keyVaultURI != testCase.keyVaultURI {
+				t.Errorf("got key vault URI %s, want key vault URI %s", k.keyVaultURI, testCase.keyVaultURI)
+			}
+
+			if k.keyName != testCase.keyName {
+				t.Errorf("got key name %s, want key name %s", k.keyName, testCase.keyName)
+			}
+
+			if k.keyVersion != testCase.keyVersion {
+				t.Errorf("got key version %s, want key version %s", k.keyVersion, testCase.keyVersion)
+			}
+		})
+	}
+}
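Review bot: `TestKeyIDRE` only exercises key IDs that should parse; nothing asserts that `openKeeper` rejects a malformed one, so the regex could be loosened further (a plain-`http` scheme, a `/secrets/` path, a host with no `.vault.` label) without any test noticing — exactly the kind of regression a pattern change like this one invites. A short negative table alongside the positive cases closes that gap; since the test otherwise drives `openKeeper` directly, the check is that it returns an error. The `keyID1`/`keyID2` constants come from outside this hunk, so I can't confirm what they expand to, but the expected `keyVaultURI` values suggest they are public-cloud IDs.

```go
	// … unchanged: positive-case table and loop …

	// Key IDs that must be rejected: wrong scheme, wrong resource path, no vault label.
	for _, bad := range []string{
		"http://mykeyvault.vault.azure.net/keys/mykey",
		"https://mykeyvault.vault.azure.net/secrets/mykey",
		"https://mykeyvault.example.com/keys/mykey",
	} {
		if _, err := openKeeper(&client, bad, nil); err == nil {
			t.Errorf("openKeeper(%q) succeeded, want error", bad)
		}
	}
```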